261 Commits

Author	SHA1	Message	Date
Teddy Reed	6ce053a45d	fim: Allow Linux publishers to be interrupted (#3376)	2017-06-02 21:39:35 -07:00
Teddy Reed	7844a8ea1b	nits: Use char-overload for find (#3363)	2017-05-29 23:13:10 -07:00
Teddy Reed	98505e5eb2	events: Sane defaults for expiration and max (#3358)	2017-05-29 16:10:24 -07:00
Teddy Reed	8a93acfa1c	TSAN: Address failures and findings in LLVM 4.0 (#3343)	2017-05-29 02:06:57 -07:00
Teddy Reed	b38a62be8b	config: Rename getInstance to get for consistency (#3350)	2017-05-28 23:04:53 -07:00
Teddy Reed	9ba0edb4bb	darwin: Improve disk_events add detection (#3332)	2017-05-26 10:38:26 -07:00
Teddy Reed	b427310241	deps: Rebuild the world, static and hidden (#3299)	2017-05-21 10:59:19 -07:00
Teddy Reed	582ab52e8f	build: Remove SYSTEMD and _BASED logic (#3245)	2017-05-03 22:28:33 -07:00
Teddy Reed	0374fde651	[Fix #3194] Remove qualified name from parseEvent declaration (#3198)	2017-04-22 18:16:20 -07:00
Teddy Reed	90078f15ea	events: Add hidden EID to all events tables (#3159)	2017-04-14 08:20:20 -07:00
Teddy Reed	649afcfff1	events: Use generator-tables for event subscribers (#3150)	2017-04-12 21:45:41 -07:00
Teddy Reed	c5e6db36eb	events: Use poll instead of select for audit and udev (#3158)	2017-04-12 16:10:11 -07:00
Teddy Reed	5fd11260ad	inotify: Use poll over select in inotify publisher (#3157)	2017-04-12 16:09:48 -07:00
ryanheffernan	5d6ea77efd	[Fix #3129] Check malloc result for WEL XML buffer before calling EvtRender (#3130)	2017-04-04 09:52:29 -07:00
Teddy Reed	7b6e4c7a27	audit: Optimize user_events and add auid (#3120)	2017-03-31 08:30:45 -07:00
Teddy Reed	bc85f726ad	events: Execute schedule before expiring (#3091)	2017-03-21 12:38:04 -07:00
Teddy Reed	69bb69fd6d	events: Inspect schedule and improve tests (#3087)	2017-03-20 22:03:09 -07:00
Teddy Reed	7b6d026820	rocksdb: Update to 5.0 and use DeleteRange for expirations (#3066)	2017-03-17 12:40:07 -07:00
Teddy Reed	78ed32a673	events: Add locks around publisher and subscriber name accesses (#2969)	2017-02-06 01:17:38 -08:00
Teddy Reed	f54a974ff6	events: Fix locking around FSEvents (#2966)	2017-02-03 22:57:38 -08:00
Nick Anderson	e961fc850e	Adding the Windows event log publisher (#2937)	2017-02-02 17:05:58 -08:00
Jonathan Lee	a1de136c1a	Change logging level in certain cases (#2896)	2017-01-31 08:07:42 -08:00
Teddy Reed	0e9733f94c	Simplify Registry and plugin concepts (#2887)	2017-01-07 12:21:35 -08:00
Teddy Reed	e9bbe1d624	Add Linux audit benchmarks (#2834)	2016-12-03 12:36:55 -08:00
Teddy Reed	0637f3c880	Manage queue configuration for Linux audit (#2792)	2016-11-23 15:40:14 -08:00
lambda-conjecture	ad4cf3ed90	Fix crash in FIM processing on Linux (#2751)	2016-11-22 17:53:07 -08:00
Teddy Reed	0ee1bbe739	Improve process_events on Linux (#2790)	2016-11-22 09:37:16 -08:00
Teddy Reed	6ead016cbb	[Fix #2656] Refactor events_optimize to act per-query (#2665)	2016-11-05 22:03:45 -07:00
Teddy Reed	a3acf2a3e5	Fix Config TLS plugin default verb (#2708)	2016-11-02 17:08:44 -07:00
Teddy Reed	4c8fdf5d17	Fix UDEV publisher unit tests LSAN bug (#2693)	2016-10-30 11:15:55 -07:00
Teddy Reed	b59cfd6949	[Fix #2681] Use subscriber setUp result to enable/disable (#2682)	2016-10-25 10:23:10 -07:00
Aditya Srivastava	ef4f8af3b8	Issue #2651 : Changed all NULLs to nullptrs (#2657)	2016-10-21 11:20:28 -07:00
Nick Anderson	208d2324d5	Extending chrome browser extension table to Windows (#2619)	2016-10-14 10:23:37 -07:00
Teddy Reed	b895c6a988	Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT (#2559)	2016-09-28 12:38:35 -07:00
Teddy Reed	7e9088e008	[#2542] Introduce --enable_syslog to explicit enable syslog ingestion (#2543)	2016-09-27 17:35:21 -07:00
Zachary Wasserman	9216ed8275	Make syslog rate limit configurable by flag (#2526)	2016-09-26 17:31:22 -07:00
Teddy Reed	17b89fc182	Refactor events and remove 10/3600 indexes (#2523)	2016-09-25 22:19:31 -07:00
Teddy Reed	bcd90070ae	Remove time-override for events add API (#2508) ... This will remove the use of current time for syslog.time and introduce a new column called 'datetime'. Events now uses an "optimize_id" alongside "optimize" to prevent returning colliding events added within the same second as the previous genTable call.	2016-09-23 16:46:02 -07:00
yying	84e6a3401a	Reducing compiler warnings and fails on warn in VS (#2433)	2016-09-02 15:04:03 -07:00
Teddy Reed	080bc5ed88	Improve verbose logging for several linux event publishers (#2421)	2016-08-29 14:26:25 -07:00
Teddy Reed	05a795d80a	Count subscriber events correctly in osquery_events (#2419) ... This also changes the osquery_events API by renaming restarts to refreshes.	2016-08-29 06:57:24 -07:00
Teddy Reed	987368221f	Remove several raw strings that confuse static analysis (#2367)	2016-08-15 14:52:11 -07:00
Teddy Reed	dd3020df79	[Fix #2319] Emit verbose log when Linux audit is immutable (#2347)	2016-08-12 18:30:21 -07:00
artemdinaburg	d8bfe962aa	Fix Windows under 1.8 build system (#2333)	2016-08-10 14:06:47 -07:00
Teddy Reed	33c1afa4b8	Allow the non-blocking kernel-test publisher to drop 5% (#2336)	2016-08-10 08:45:37 -07:00
Teddy Reed	1c4d6397fa	OS X IOKit utilities refactor to allow SKIP_TABLES (#2335)	2016-08-09 20:49:56 -07:00
Teddy Reed	f3f605e26a	Introduce a PLATFORM_MASK and isPlatform (#2334) ... Along with the platform defines and platform string defines provided by CMake to the build, add a PLATFORM_MASK define. Use this define as a platform-type mask with the PlatformType enum.	2016-08-09 20:27:42 -07:00
Teddy Reed	7eab0f39bd	Fix race conditions in Linux inotify publisher (#2309) ... 1. This adds several mutexes to the inotify publisher and its tests. 2. A fix for Linux 4.1 and LLVM TSAN is applied to CMake logic.	2016-07-31 22:41:37 -07:00
Teddy Reed	870c5bd9f9	Clean up verbose logging for OS X kernel extension (#2276)	2016-07-21 14:29:17 -07:00
yying	547e8f961c	CMake configuration file changes to support Windows (#2258)	2016-07-20 23:48:55 -07:00